Henrique M Holschuh <[EMAIL PROTECTED]> writes: > On Thu, 31 Aug 2000, Olaf Meeuwissen wrote: > > Edited /etc/hosts.deny to read ALL:ALL to boot. > > You probably want to add portmap: ALL to /etc/hosts.deny as well, > just in case. ALL: ALL does not handle the portmapper for some > reason.
In an earlier incarnation of the same machine (running potato when it was still frozen) I had to enable the portmapper in /etc/hosts.allow to get NFS mounts to work. Looks like ALL:ALL covers portmap. > > Change your BIOS settings to only boot from the internal disk and > > password protect it. > > BIOSes are very easy to erase, you know. Some are even stupid enough > to have 'master key' passwords. You really need to keep the machine > behind a locked door (or in a special locked case) if you can't > trust everyone who gets near it. Otherwise, it won't hold even a > reasonably tech-savy 10 year old (read proto-hardware-hacker) that > manages to stay 5 minutes alone near the machine in possession of > some tools and a small resistor (if he's a nice kid) or piece of > wire (if he's a not-so-nice kid or likes sparks) :-) I know BIOS passwords are not super-secure, but at least it will make it a fair bit more difficult for our average computer user to screw up the system. Putting the machine behind locked doors is not an option. -- Olaf Meeuwissen Epson Kowa Corporation, Research and Development
